Static analysis is often treated like an ancient form of alchemy when it comes to modern development practices. In reality though, static analysis can be a powerful tool when it is understood and wielded properly. This presentation will demystify the inner workings of a modern static analysis engine, show you the ugly defects you can slay with static analysis, and set you on the path to effectively level up your coding skills.
Author:
David Lindsay
David Lindsay leads Coverity's Security efforts as a Senior Product Manager. In this role, David focuses on understanding the security industry market, researching industry trends, and helping to improve Coverity's static analysis capabilities. David is also a co-author of the book Web Application Obfuscation and is a frequent speaker at security conferences including Blackhat, Bluehat, and OWASP AppSec Research. David graduated from the University of Utah with a Masters degree in Mathematics. After this, he spent many years as an application security engineer and consultant specializing in threat modeling, penetration testing, architecture analysis, cryptography, and web application vulnerabilities.